We changed our name from IT Central Station: Here's why
Systems Manager at a financial services firm with 10,001+ employees
Real User
Top 20
Great security features with an enhanced GUI and multi-factor identification
Pros and Cons
  • "The security features are great. They will report in advance to you in the case of suspicious activity."
  • "The support could be better. Lately, they sort of dropped off a bit in terms of quality."

What is our primary use case?

I am a systems manager. I use Azure Active Directory every day for my support job.

Our authentication tools to single sign-on portals are hosted in different cloud products, like Amazon or GCP. So, we create an enterprise application and Azure Active Directory to give our users for authentication access to various public URLs.

How has it helped my organization?

Before Azure Active Directory, it took effort to provide cloud access to on-premises users. With Azure Active Directory and AD Connect, we are able to sync on-prem users to the cloud with minimal effort. We don't have to manage keeping multiple entities for the same user.

What is most valuable?

The multi-factor authentication (MFA) is one of the best aspects of the product. 

The security features are great. They will report in advance to you in the case of suspicious activity. 

The GUI is pretty enhanced. You can configure applications or do whatever they need to do. 

What needs improvement?

Azure Active Directory currently supports Linux machines. However, the problem is that you get either full or minimal access. It would be very nice if we could have some granular authorization modules in Azure Active Directory, then we could join it to the Linux machine and get elevated access as required. Right now, it is either full or nothing. I would like that to be improved. 

We have the ability to join Windows VMs to Azure. It would be nice if we could have some user logs, statistics, and monitoring with Azure Active Directory.

When we subscribe to MFA, the users get MFA tokens. However, it is not a straightforward process to embed any of the OTP providers. It would be good if Microsoft started embedding other third-party OTP solutions. That would be a huge enhancement.

For how long have I used the solution?

I have been using Active Directory for two years.

This product is used every second of every day.

What do I think about the stability of the solution?

The solution offers nice stability and performance. 

What do I think about the scalability of the solution?

In my organization, there might be as many as 60,000 people who utilize the solution. 

The scalability is awesome. You don't even need to think about scalability because Microsoft manages it.

We use it on a daily basis.

How are customer service and support?

The support could be better. Lately, they sort of dropped off a bit in terms of quality. Recently, Microsoft support has not been doing such a good job. Previously, they used to do a good job.

In the past, AD Connect was not syncing. It threw errors in the beginning. So, I had to call up technical support to solve the problem. At the time, we were satisfied with their assistance.

Which solution did I use previously and why did I switch?

I am also using AWS.

Azure Active Directory is not an Active Directory product. It is just the application proxy. You need to have an on-prem solution. Azure Active Directory would just be a proxy that uses the on-prem data and hosts the application. It is not a full-scale Active Directory solution. However, it has a lot of enhancements. The traditional on-prem Active Directory hosts the users and computers as well as some additional group objects. 

On the other hand, AWS Active Directory has all the capabilities of the traditional Active Directory with limited access for the administrator. All domain administration and sensitive credentials will be managed by AWS. So, you don't need to worry about application delays or syncing issues.  

How was the initial setup?

The initial setup is simple.

It is pretty easy to set up the product. You subscribe in Azure Active Directory. By default, it will have an extension where you need to register. If you need a custom domain name, then you need to register with your public DNS providers to create the DNS public entry. You will then have to prove that you own the domain name. Once it has been proven, then your Active Directory pretty much works. 

If you need to sync up your on-prem users with the Azure Active Directory, then you need to have an AD Connect server installed at the VM-level domain. It should be credentialed so AD Connect can use credentials to read your on-premises and sync it to the cloud. Once this has been done, you are good to go. As an enhancement, for whatever user you are syncing, you can mandate them by adding them to a group or rolling out an MFA policy.

What about the implementation team?

Since it is pretty straightforward, you just need one person to deploy it.

I implemented it in an hour.

Some maintenance is required. However, it is not on Azure Active Directory's part. Rather, it is for AD Connect. Often, we see that the connection is getting lost or something is not happening. Sometimes, port 443 might not be open from your on-prem Azure Active Directory. In that case, if you haven't implemented it in the beginning, then you need to do this. For a high availability solution, if you find that the machine is having additional issues, then you might need a higher AD Connect device. I would probably also deploy it with a different availability.

What's my experience with pricing, setup cost, and licensing?

The solution has three types of tiers:

  1. E1 has very basic features. 
  2. You get limited stuff in E2 and cannot have Office 360 associated with it. 
  3. E3 is on the costly side and has all the features.

If you need to have an Exchange subscription or email functionality, then you need to pay more for that.

What other advice do I have?

We are using both the on-premises version and the SaaS version.

I would advise potential new users to learn a bit about the product before jumping in. If you are new, you need to do background research about Azure Active Directory. You also need to understand its purpose and how you want to leverage it. When you have a draft architecture in place, then you can go ahead and implement this solution. If it needs to be reimplemented, it is just a matter of five minutes.

I would rate the solution as nine out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Timileyin Olaleye
Technical Support Engineer at Freelancer
Real User
Using its Conditional Access policy makes it easier to know when you have been breached
Pros and Cons
  • "The cloud security part is very valuable. Security is the most important thing in today's world. With Azure Active Directory, there are some features that tell you how you need to improve your security level. It informs you if you set up certain policies, e.g., this is where my users sign in. It tends to let you know if your organization has been breached with this security set up. Therefore, it is easier to know when you have been breached, especially if you set up a Conditional Access policy for your organization."
  • "There are some features, where if you want to access them, then you need to make use of PowerShell. If someone is not really versed in PowerShell scripting, then they would definitely have issues using some of those features in Azure Active Directory."

What is our primary use case?

I started using Azure in my organization for user management, identity management, and app security.

I am using purely Azure Active Directory, but I've used Azure Active Directory in a hybrid scenario. I sync my user from on-premises Active Directory to cloud. While I have used the solution in both scenarios, I use it mostly for purely ATS cloud situations.

How has it helped my organization?

We don't really have breaches anymore. Now, in most cases, we set up a sign-in policy for risky things, like a user signing in via VPN or they can't sign in based on their location. This security aspect is cool.

If a user wants to sign onto the company's account, but turn on their VPN at the same time, they might not be able to sign in because of the Conditional Access policy set up in place for them. This means their location is different from the trusted site and trusted location. Therefore, they would not be able to sign in. While they might not like it, this is for the security of the organization and its products.

What is most valuable?

The cloud security part is very valuable. Security is the most important thing in today's world. With Azure Active Directory, there are some features that tell you how you need to improve your security level. It informs you if you set up certain policies, e.g., this is where my users sign in. It tends to let you know if your organization has been breached with this security set up. Therefore, it is easier to know when you have been breached, especially if you set up a Conditional Access policy for your organization.

The authentication, the SSO and MFA, are cool. 

It has easy integration with on-premises applications using the cloud. This was useful in my previous hybrid environment. 

The user management and application management are okay.

What needs improvement?

There are some features, where if you want to access them, then you need to make use of PowerShell. If someone is not really versed in PowerShell scripting, then they would definitely have issues using some of those features in Azure Active Directory. 

For how long have I used the solution?

I have been using Azure AD for three years.

What do I think about the stability of the solution?

Overall, stability is okay. Although, sometimes with the cloud, we have had downtime. In some instances, Microsoft is trying, when it comes to Azure AD, to mitigate any issues as soon as possible. I give them that. They don't have downtime for a long time.

What do I think about the scalability of the solution?

You can extend it as much as you need. For example, you can create as many users as you want on the cloud if you sync your users from on-premises. Therefore, it is highly scalable.

I used to manage about 1,500 users in the cloud. Also, at times, I have worked with organizations who have up to 25,000 users. When it comes to scalability, it is actually okay. Based on your business requirements, small businesses can use Azure Active Directory with no extra cost as well as an organization with more than 10,000 users.

How are customer service and support?

The support is okay, but it is actually different based on your specific issue because they have different teams. For example, when you have issues with cloud identity management, I think those are being handled by Microsoft 365 support, and if you have an issue with your Azure services, the Azure team handles it. 

I can say the support from Microsoft 365 support is awesome because it is free support. Although the experience is not all that awesome every time, and there is no perfect system, when compared to other supports, I would rate them as 10 (out of 10).

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup was straightforward. When I set up Azure Active Directory, I just had to create an Office 365 tenant.

Creating an Office 365 tenant automatically creates an Azure Active Directory organization for you. For example, if I create my user in Microsoft 365 automatically, I see them in Azure Active Directory. I just need to go to Azure Active Directory, set up my policies, and whatever I want to do based on the documentation.

A part of the documentation is actually complex. You need to read it multiple times and reference a lot of links before you can grasp how it works and what you need to do.

The very first time, it took me awhile to set up. However, when setting it up the second time, having to create Azure AD without setting up users was less than three minutes.

What was our ROI?

I work with a client who has a small organization of 50 users worldwide. With Active Directory, they are spending a lot for 50 users for management, the cost of maintenance, etc. The ROI number is too small for the costs that they are spending on the maintenance of an on-premises setup. So, I migrated them to Azure Active Directory, where it is cost-effective compared to an on-premises setup.

What's my experience with pricing, setup cost, and licensing?

For you to make use of some of the security features, you need to upgrade your licenses. If it is possible, could they just make some features free? For instance, for the Condition Access policy, you need to set that up and be on Azure AD P2 licensing. So if they could make it free or reduce the licensing for small businesses, that would be cool, as I believe security is for everyone.

Which other solutions did I evaluate?

The product is very good. Sometimes, I try to use Google Workspace, but I still prefer Azure to that solution. I prefer the Azure user interface versus the Google Workspace interface.

What other advice do I have?

Draw out a plan. Know what you want and your requirements. Microsoft has most things in place. If you have an existing setup or MFA agreement with Okta and other services, you can still make use of them at the same time while you are using Azure Active Directory. Just know your requirements, then look for any possible way to integrate what you have with your requirements.

Overall, this solution is okay.

I would rate this solution as an eight out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Learn what your peers think about Azure Active Directory. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
564,643 professionals have used our research since 2012.
Cloud Architect at a hospitality company with 1-10 employees
Real User
Allows for privileged access, is easy to set up, and offers good stability
Pros and Cons
  • "Azure AD has features that have helped improve our security posture."
  • "My understanding is, in the future, they will be able to bring everything into one single platform and they are not there yet."

What is our primary use case?

The solution allows us to assign and give the access and controls. It allows us to monitor privileges with the users so that we can then be in control of the access given to digital resources.

How has it helped my organization?

The best example of how it has helped our organization is when we migrated toward Azure. We were able to take all the users which were there on-prem and migrated them over. If those facilities were not there in Azure Active Directory, then we would likely have to create individual users and one by one give them specific access. We'd have to look at their needs and set authentication. It would be hard to control users that needed higher admin-level access. Without the Active Directory, we would not have the control we needed. 

What is most valuable?

Azure AD has features that have helped improve our security posture. That's one of the basic fundamentals of having an Active Directory. The whole concept of Azure Active Directory came from the Active Directory on-prem version. There’s this tunnel of authentication that it has.

When you migrate, you can migrate your Active Directory on-prem onto the Azure Active Directory which has tightly integrated features due to the fact that they both are from Microsoft. Based on that, you can give access based on what privileges are needed. Basically, if you're talking about security, everything is related to role-based access. The security aspect is linked to providing the proper access.

What needs improvement?

My understanding is, in the future, they will be able to bring everything into one single platform and they are not there yet. We are loving third-party authentication, however, those authentications will be further scrutinized by AD itself.

For example, if you want to book a flight, you go to any website to book. Booking the flight can be divided into two parts. One is creating a log-in with a particular website and then booking. However, if there are five to ten websites and you want to compare prices on all of them. You aren’t going to set up a log-in for each and every site. That's not feasible.

Instead, you can use your own login credentials, for example, from your Hotmail or Google account. Then, you have a token authenticated by Google, et cetera, which gives you the privilege to do the booking for a particular session. This is similar to what Azure AD should do in the future for authentication and allowing access.

For how long have I used the solution?

I've been using the solution for at least four to five years. 

What do I think about the stability of the solution?

The stability is good. It's always there. If it is down then that's it. Anyone can log in. Anyone can do anything, whatever they want to do. That's why it's considered the backbone of the security pillar. There has never been any downtime, however.

What do I think about the scalability of the solution?

Azure AD is scalable. You don't need to take care of it as it's a part of the service which is taken care of by Azure itself based on how our company grows. Basically, it's a hidden feature, and scaling it for the end-user is always happening. It's always scaling.

We have about 3,000 users on Azure AD currently.

How are customer service and support?

I've been working as an architect and therefore have never directly dealt with technical support. 

Which solution did I use previously and why did I switch?

I work on different platforms. For example, I work on AWS and GCP (Google Cloud Platform), et cetera. Azure AD is very good and very powerful and offers a basic foundation having the highest status or dominance in terms of providing access management. It's tightly getting integrated with the on-premise solutions. That’s true irrespective of what cloud you're using - whether GCP, AWS, Oracle, or IBM - whatever the cloud provider, you're using the services you will be using a laptop or dashboard.

We are now working remotely. However, having remote access doesn't mean that you are not entering the company premises virtually. Basically, everything is going through your company's network. You're just going through to a cloud. You can move across platforms to validate. You can still use the AWS site to authenticate and verify the users. No matter the cloud, you’re still using Azure AD to get access.

How was the initial setup?

I wouldn't say the initial setup is complex. If you have a good understanding of the product, you can break down your tasks. Then, slowly, step by step you can complete all the tasks.

Our operations team did the migration from on-prem AD to Azure AD. Therefore, I cannot speak to the exact length of time it took. My work was to design the architect and provide them with the solution. 

What was our ROI?

I have clients who have seen an ROI.

What other advice do I have?

I'm not a Microsoft partner. I work as a consultant.

I'm predominantly using the SaaS deployment version. 

My advice to potential users is on the security side. There was a famous article on Gartner which clearly stated that by the end of about 2023 or 2024 if someone tries to access your network or if anything becomes accessible or has been exposed, it is not the cloud provider that is the problem. It is due to a misconfiguration of the services.

It's not really with the user. It's really with how and what kind of access you provide to that user. For example, if I give someone an admin status, and they provide access to someone, they are providing not only basic access, they’re giving access privilege or admin rights. If they’re giving admin rights to the wrong person, even though they may have the best intentions, due to a lack of knowledge, that person may do something stupid and it may be a disaster to the company. That has nothing to do with the AD users themselves. You need to be aware of the security and the access that you're granting your users at all times.

I'd rate the solution at a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Senior Information Technology Manager at a manufacturing company with 10,001+ employees
Real User
Top 5
Stable and scalable, but reliable user-training is lacking
Pros and Cons
  • "It's definitely both stable and scalable."
  • "Overall, it's not a very intuitive solution."

What is our primary use case?

We use it mainly for our Office 365 files. The integration between the two is interesting. It's been a learning curve.

What needs improvement?

Overall, it's not a very intuitive solution.

When you have an Office 365 enterprise subscription, it comes with Azure Active Directory. We don't have a subscription to Active Directory, but our Active Directory connector puts our credentials into the Azure Active Directory. On the Office 365 side, we're also in the GCC high 365, so it's a lot more locked down. There are a few things that aren't implemented which make things frustrating. I don't blame the product necessarily, but there are links and things within there that still point back to the .com-side and not the .us-side.

There's a security portal and a compliance portal. They're being maintained, but one's being phased in and the others are being phased out. Things continue to change. I guess that's good, but it's just been a bit of a learning curve.

Our Office 365 subscriptions are tied to our on-prem domain — I have a domain admin there. With our Active Directory connector, our on-prem credentials are being pushed to the cloud. We also have domain credentials in the cloud, but there's no Office subscription tied to it, just to do the administration stuff. I moved my sync credential to have a lot more administrative privileges. Some of the documentation I was reading clearly showed that when you have this particular ability right on the Azure side, and then you have another ability on the Office side, that intuitively, the Microsoft cloud knows to give you certain rights to be able to do stuff. They're just kind of hidden in different places.

Some things are in Exchange, and some things are in the Intune section. We had a few extra light subscriptions that weren't being used, so I gave my microsoft.us admin account a whole other subscription. In the big scheme of things, it's roughly $500 a year additionally — it just seems like a lot. I didn't create a mailbox for that and I was trying to do something in Exchange online and it said I couldn't do it because I didn't have a mailbox.

You can expect a different user experience between on-prem and online. Through this cloud period, we have premiere services, we have a premiere agreement and we had an excellent engineer help us with an exchange upgrade where we needed a server. We needed an OS upgrade and we needed the exchange upgrade on the on-prem hybrid server. We asked this engineer for assistance because my CIO wanted to get rid of the on-prem exchange hybrid server, but everything that I was reading was saying that you needed to keep it as long as you had anything on-prem. We asked the engineer about it and he said, "Yeah, you want to keep that." In his opinion, it was at least going to be two years. So at least I got my CIO to stop talking about that. It's just been an interesting time in this transition between on-prem and in the cloud.

In a secure environment, a lot of this stuff is PowerShell, which is fine. It's a learning curve, but if you don't use it all time, then it's a lot of back and forth with looking at the documentation and looking at other blogs. If you're in a secure environment, the Windows RM (remote management) stuff can be blocked, and that's frustrating, too.

For how long have I used the solution?

I have been using this solution for roughly five months.

What do I think about the stability of the solution?

It's definitely both stable and scalable. I used to work in an environment where we had a couple of onsite engineers from Microsoft and I worked on Active Directory — I did that for four years. We did the Active Directory health check, so I actually worked with the engineer for a week and went through our Active Directory. At the time, Microsoft said it was one of the top five most complicated forests out there. We had 150,000 users and 18 domains across the globe supporting the military, so it was pretty big. 

How are customer service and technical support?

We have experience with their premier support. We have a live audit coming up shortly so we don't have a lot of time to waste, waiting for support to get back to us — unless it's very critical. 

How was the initial setup?

I wasn't involved in the initial setup, so I cannot comment on that. 

What about the implementation team?

We used an integrator, however, we don't speak of his name anymore. 

What's my experience with pricing, setup cost, and licensing?

I think we're on the E3 — I think it was about 35 dollars per user. We may go up to the E5, which includes Project Online and the telecom service in TEAMS. We're in the process of rolling out Office 365 internally. We've had really great feedback that people really like TEAMS and we want to move there. 

We had a roadmap meeting with Microsoft a few months ago. Some of the more accessible types of things were on the roadmap for the first quarter of this year. I know that Microsoft's working hard at listening to their customers, especially through COVID. Collaboration has changed. They also have military folks, that's why they created the GCC High. Once they got into the GCC high, they're like, "Oh, we need to collaborate a little bit more." So they've been pushing a little bit more on integration. We're not going to have that kind of clout where I am, but where I used to work, we would've. 

What other advice do I have?

Overall, I would give Microsoft Azure Active Directory Premium a rating of four out of ten. They could really benefit from some better user-training. 

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
M365 enterprise Advisor(Azure) at a tech services company with 501-1,000 employees
MSP
It helps in terms cloud security, simplicity, and single sign-on for multiple apps
Pros and Cons
  • "In terms of identity management, it helps to improve security posture. It generally helps in terms cloud security, simplicity, and single sign-on for multiple apps."
  • "The visibility in the GUI is not good for management. There are a lot of improvements that could make it better. It should be more user-friendly overall. It is not user-friendly because everything keeps changing on the platform. I can understand it because I know the platform, am familiar with it, and use it every day. However, for a lot of clients, they don't use it every day or are not familiar with it, so it should be more user friendly."

What is our primary use case?

Our use case depends on the client, their project, and what they want to deploy. 

  1. The solution can be deployed for security purposes. Multi-factor authentication is being deployed as a second layer of authentication, especially during this COVID-19 time, because everything has to stay secure. 
  2. Almost every organization uses the software as a service (SaaS) part. Because of the pandemic right now, a lot of companies are moving many things to the cloud, like virtual machines (VMs) and virtual networks. It doesn't invalidate the fact that some companies don't want to have control on-premises. 

Everything depends on the solution or what the client wants.

We use it for PaaS and IaaS.

What is most valuable?

In terms of identity management, it helps to improve security posture. It generally helps in terms cloud security, simplicity, and single sign-on for multiple apps.

What needs improvement?

In terms of improvement, there should be more flexibility and conditional access. There is a lot of flexibility already, but there are some technologies that should be embedded and integrated into it for a more flexible, customized experience. Also, there should be more tools for analysis for clients, e.g., there should be more flexibility aimed at end users. Regular IT guys for each company should be able to use the tools to troubleshoot a certain level of analysis in their environment.

The security part should be improved overall. 

The visibility in the GUI is not good for management. There are a lot of improvements that could make it better. It should be more user-friendly overall. It is not user-friendly because everything keeps changing on the platform. I can understand it because I know the platform,  am familiar with it, and use it every day. However, for a lot of clients, they don't use it every day or are not familiar with it, so it should be more user friendly.

For how long have I used the solution?

I have been using it for four to five years.

What do I think about the stability of the solution?

Availability for Azure AD as a whole is 99.95 percent. It is simpler and more available than the way technology used to be previously.

What do I think about the scalability of the solution?

It is very scalable. When you talk about licensing, you have the option to scale up or scale down. For example, you purchase 50 seats of licenses and assign 45 licenses, then for some reason, you fire 10 employees. Once you fire them, you will probably block their identity access and single sign-in. After that, you can decide to reduce the number of licenses. On the other hand, if you acquire 10 licenses and employ five new people, then you can scale up by adding more five licenses that month. So, it helps you to scale up or scale down easily.

In another example, if you have acquired five virtual machine instances, then are using more in terms of the processor, you can scale up. It depends on the configuration you have. If you have done the setup and everything from the beginning, then you can say, "If the processor level reaches 80 percent, you want to add another two virtual machine instances." On the other hand, if you deployed five virtual machine instances, but your usage of those processors is lower than 30 percent, then you should scale down. So, if you have five licenses and you want to scale down by one, then you can scale it down so you can reduce your costs.

How are customer service and technical support?

I would rate the technical support as a nine out of 10.

How was the initial setup?

When I set it up two years ago, it was easy, not complex. It didn't take much time at all to set up.

A lot of people sign in or set it up with a Google account, Yahoo account, or Microsoft account, which is not the global administrator. A lot of people think that this is the global administrator. They don't understand that the account might have an extension and don't see this until that account gets locked out. That is when they have problems signing in. The setup is not that complex. It is just that the user experience overall needs improvement here.

The deployment process depends on what you are trying to achieve and the technology that you are trying to deploy, e.g., are you trying to deploy SSO, set up device writeback, or do a regular AD Connect setup? Everything depends on the objective or the overall goals of what you want to achieve.

What about the implementation team?

Even after it has been deployed, one or two users may have problems with their account in terms of multi-factor authentication or the way it has been set up. I work with them to troubleshoot these issues.

Sometimes, the priority is to set up AD Connect, which integrates your on-premises to Active Directory. You must make sure your server is up and running. Apart from that, you need to set up your tenant, which is your profile admin center. 

If they want to download and install their tools, then we can connect to their on-premises for synchronization. So, it helps collect on-premises data and put it into the cloud. 

You can also install PowerShell. 

What's my experience with pricing, setup cost, and licensing?

Everything needs to be considered for the requirements and if it is within the budget, then you can come up with a solution, whether it is SaaS, PaaS, or IaaS. 

What other advice do I have?

Since people might not be very familiar with the platform, I have developed a system for how to use, deploy, or utilize the technology.

At the end of the day, it is about the overall goal because everything comes with a cost. Azure AD comes in different ways and shapes, e.g., SaaS is different from IaaS or PaaS, though it is still the same platform. 

Whether you are a small business or large business, you can always enjoy a very secure cloud platform. 

I would rate Azure AD as a nine out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Pankaj Singh Chandel
Sr. System Administrator at FST Information Technology Pvt Ltd
Real User
Privileged identity access lets us manage, control, and monitor permissions of a particular set of users or group
Pros and Cons
  • "This solution is less time-consuming. We don't have to hire as many resources to give permissions to a particular user or group for any application."
  • "Azure AD needs to be more in sync. The synchronization can be time-consuming."

What is our primary use case?

We provide a pipeline for Azure Active Directory. We are working with premium clients, giving them services, like SaaS application services through Azure Active Directory. Also, we help external clients who are planning to migrate from on-prem to Azure Active Directory. We help them with the setup, etc.

How has it helped my organization?

We are providing Office 365 access from Azure Active Directory. We are enabling multi-factor authentication and assigning the licenses for end users.

We can provide access for many SaaS analytics tools, like ERP and CRM. We can provide access from everywhere to Azure AD. So, it will work as an authentication service, then we can provide access to particular SaaS applications. Therefore, we manage all accesses and privileges within Azure AD for different applications.

What is most valuable?

The Privileged Identity Management is a good feature. The identity products of Azure Active Directory are good features. 

There are role-based access controls. Both built-in and custom roles are very useful and good for giving permissions to a particular set of users. 

Privileged identity access lets you manage, control, and monitor permissions of a particular set of users or group. This is a good way to control the access. With the rollback access control, that will secure your environment, e.g., if you want to secure it from an authentication point of view. So, if you are an authentication provider service, your request will go for authentication, then it will go back for service authentication. So, this is a good feature in Azure Active Directory.

Azure AD has features that have helped improve our security posture and our client's security posture. We don't have to manage many things because there are some built-in features inside it. We can set it up once and it will work as an auto process, which is good from our side. On the clients' side, it will then not be challenging when managing stuff, as it will be very easy to manage the client end.

What needs improvement?

Azure AD needs to be more in sync. The synchronization can be time-consuming. 

What do I think about the stability of the solution?

The availability is good. I have never experienced any downtime.

What do I think about the scalability of the solution?

The scalability is great. If we will go with the custom installation version of Azure AD Connect, i.e., for many users, then we can go with the custom settings. 

I have one client with one tenant. We verified their domain and created many users. It was already on-prem, so we synced all the users from on-prem to Azure AD. We gave those users Office 365 permission from the Office 365 admin center. From there, we enabled the MFA and assigned the licenses. 

We have migrated 10,000 to 12,000 objects from on-prem to Azure AD previously.

How are customer service and technical support?

Whenever I have logged a case with Microsoft, their technical support replies within 24 hours with an email and a call, which is good.

Which solution did I use previously and why did I switch?

Previously, our clients only had on-premises Active Directory. They migrated to Azure AD because they didn't want to keep their on-prem environment. There are a lot of challenges with maintaining those servers and other costs. 

It is also a good service. From one console, we can manage many things. It is better if we can work with it from a single console, managing it all with fewer resources. With on-prem, there are many domain controllers that we need for various stages, and we have to manage all the domain controllers. Apart from that, we have to back up and monitor the server as well as do everything for the setup. 

How was the initial setup?

It is a very easy process to set up. First, we need to collect all the information, e.g., the custom domain information, user information, and which kinds of applications the users want to access. All this information is needed. Based on that, we can just set up and go to the Azure Portal. We can go to the Azure Active Directory console from there, where we can verify the domain and do the management. It is a very easy process, which is not time-consuming. Though, if you want to design your own application (customize it) and provide access for a particular user or group, then it can be a bit of a time-consuming process.

What about the implementation team?

I don't think more than one or two people are needed for the deployment. If we have all the information, then we can work alone. Not many resources are needed for this.

What was our ROI?

Azure AD has a good return on investment. We do not need as many servers, electricity, etc. We can save from a cost point of view. Apart from that, if we have a limited set of users, we do not need to go with the extended version of Azure Active Directory, where it costs a lot to enable these services. Azure Active Directory is a good option compared to on-premises. 

This solution is less time-consuming. We don't have to hire as many resources to give permissions to a particular user or group for any application.

What's my experience with pricing, setup cost, and licensing?

We are working with the Premium P2 licenses, which are reasonable. If you invest in the on-premises environment setup, then it costs so much. However, on-prem AD gives you the ability to manage your organization in a very organized manner, where you can create a group policy.

Azure AD provides identity access. If you have to go with the identity part only, then Azure AD would be the better option. If you will go with the various authentication authorization and security services, like group policy setup, then on-prem Active Directory would be better.

What other advice do I have?

It is good service and easy to use.

I would rate the solution as a nine out of 10. They should be improving the solution all the time.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Saurabh Shelke
Technical Specialist
MSP
Top 20
Flexible with good device management and helpful activity logs
Pros and Cons
  • "It has made our work easier in that it’s simplified everything for us."
  • "The solution has not saved costs. While we’ve eliminated some tools, there are some other features that we are dependent on as admin, which are not yet integrated with Azure AD."

What is our primary use case?

We primarily use the solution to take users into our AD. That's the basic purpose. We are using it in our whole organization so that our AD is synced.

What is most valuable?

Overall, the solution is quite good. 

There are a few additional functionalities that are very compatible. For example, device management is there and creating a custom role, which reduces the task of restricting the user from AD, if the person is on the on-premise AD. If they're using on-premise, they have to create a distribution list, then apply Azure to that. It's simplified in Azure AD, making it easy to create roles and assign them to the users. 

In fact, the device management and role assignments are great. These two features I found very compatible. For device management, if you are using an on-prem AD, you have to use some other software like Google admin to manage the devices. However, here, it is integrated into Azure AD. That's a positive aspect of the solution.

Regarding the role assignments, it's a very flexible way to restrict the user, or, if you want to customize access, that can be done as well.

The activity log, which is a way to see who made what changes, is quite useful.

Azure AD has features that helped improve our security posture. It is SSO - Single Sign-On. We can manage the users very easily and we can apply SSO and MFA to them. 

I'll give it a score of four out of five for the security posture on offer.

For whatever company I'm working for, we cannot fully put the data on the cloud due to compliance. Rather, you have to keep some data on-premises. That’s why it’s great that we can use the hybrid approach with Microsoft.

Azure AD  has not affected our end-user experience in any way. The transition is also quite smooth. If you're using an AD Connect to sync from your on-premises to your Azure AD, nothing has come up from the end-users in terms of issues or problems.

It has made our work easier in that it’s simplified everything for us. It has eliminated a few of the third-party tools, which we used to use. For example, we had a dependency on Google admin due to the fact that we could see where we could manage the devices of the user. That has been integrated directly to Azure AD.

What needs improvement?

The solution has not saved costs. While we’ve eliminated some tools, there are some other features that we are dependent on as admin, which is not yet integrated with Azure AD.

Other features have a broader scope and are covered under Azure. If, for example, I want to create a workflow, that cannot be done in Azure AD. That is something that is done in the Azure function or Azure logic app. Parts have to be covered in other functions. 

Longer-term, there are some features which might be added, such as admin features similar to Google admin. If I'm an employee and I'm exiting the company, for example, I need to transfer that data from myself to my manager. For that, maybe they could include a feature where they can transfer the data from the user directly and we don't have to rely on any admins.

For how long have I used the solution?

I've been using Azure AD for one and a half years. Before, we were on-premises.

What do I think about the stability of the solution?

The stability is quite good. It has already been integrated with SSO or MFA. From a security perspective, it's quite stable. 

What do I think about the scalability of the solution?

The scalability is pretty fair. Azure is doing quite good work in the cloud. It's one of the top clouds. Scalability is not an issue, for Azure AD at least.

We have approximately 800 users overall, between our India and Phoenix offices.

We have ten administrators working with this tool in your organization. They are mostly assistant admins. There are two people who are working as global administrators. They do all the configurations.

How are customer service and support?

I haven't worked with Microsoft regarding this solution.

Which solution did I use previously and why did I switch?

My past experience is limited to Azure AD. We also work with Azure Monitor and Azure Logic.

How was the initial setup?

The initial setup is pretty much a straightforward process. I've set up another AD Connect and the process was done in 15 minutes. If you have proper documentation, you can go through it very, very smoothly. That's what my understanding is.

The solution doesn't require any maintenance. 

What was our ROI?

We've definitely seen an ROI. I can't speak to the pricing part, however, when I see it as an administrator, I definitely see the value for money for our organization. A lot of functionalities have been added, with still more plans to add a few more features. There clearly has been a value addition.

What's my experience with pricing, setup cost, and licensing?

I don't have any insight on the pricing end as that is always managed by our team leader. They take care of all the pricing activities, et cetera. Any pricing-related information I don't have knowledge of. 

What other advice do I have?

In terms of deployment, we are on a hybrid structure, where we are using an AD Connect to sync our on-prem users to Azure.

I'd rate the solution at a nine out of ten.

A lot of functions have been included as compared to the on-premises deployment. Compared with competitors such as AWS and Google Cloud, it is in a different league. For example, AWS also has good features, however, this is more simplified and it's a Microsoft product, so you can rely on it for the long term. 

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Microsoft Azure Engineer at a tech services company with 10,001+ employees
Real User
Top 20
Easy to use with a single sign-on and offers an improved security posture
Pros and Cons
  • "The scalability is good now, and I find it to be more stable and faster since scaling up to ESX."
  • "The initial setup was complex."

What is our primary use case?

We provide single sign-on, app syncing, and API seamless access to more than 2,000 users with the syncs into Azure. We provide access to email, SharePoint Online, Skype, and other services on the cloud to half of those users. We have services in the cloud, such as app registration and documents for SharePoint Online.

What is most valuable?

The single sign-on is the most valuable aspect of the solution. It allows for storing passwords in secure vaults. For developers, we use a vault for SSH. Mainly, we have replication from all services on-prem to the cloud.

With a single sign-on, in the case something happens on-premises, users can still use a single sign-on to a PC to access the cloud.

We can deploy policies, which improves our security posture. It's mainly very similar to on-premises, however, some new features can be used on the cloud as well, such as labs and password rotation. Some features have improved, which has been great.

The solution improves the way our organization functions. I can deploy a policy that will search for unused accounts, for example, and delete or just move them to a different organization unit that handles unused accounts. We can change unsecured passwords. We can detect intrusion and inform a security group on how to disable that account immediately. We can also perform security checks on services.

We can easily migrate services and improve the quality and improvement of bandwidth of the service. It's easy to scale.

There are some searches, such as a global search, which have powerful query capabilities if you configure it in a certain way.

It's easy to use. The portal experience provides a dashboard of what's happening. With the dashboard, you can see what's happening with the service faster. Of course, I’m talking about the cloud. On-prem you don't have that dashboard.

Active Directory has affected our end-user experience. It has improved it as we have centralized management now and we have centralized administration, and things can be automated easily. You can have most tasks automated. It's good.

What needs improvement?

The security needs to be improved. For example, in terms of changing from one version to the latest, meaning going from 2008 to 2012, or 2016 to 2019, you need to get rid of all the operating systems and they need to ensure the security is upgraded and improved.

They need to bring BitLocker into the VMs and the servers.

LAPS could also be improved. LAPS are used to rotate passwords on a server. That can be improved upon to increase security levels.

Protocols SSL 2.0 and SSL 3.0 need to be removed and they should change my TLS 1.2 for every application.

For how long have I used the solution?

I've been using Azure for about 13 years. However, I've used Active Directory for 25 years. It's been a long time.

What do I think about the stability of the solution?

We have found some servers do not have enough CPU or memory which meant there was not enough stability. I scaled up the service to ESX, to a virtual host, and I installed multiple DCs, virtualized. As the solution has physical machines, CPU and memory were not enough. However, the scaling provided much more stability.

What do I think about the scalability of the solution?

The scalability is good now, and I find it to be more stable and faster since scaling up to ESX.

We tend to increase usage every month. We have five countries with multiple forests. Currently, we have 200 users or so on the solution.

How are customer service and support?

The technical support is not so bad, however, it's lacking in faster response times sometimes.

Which solution did I use previously and why did I switch?

We did not previously use a different product.

How was the initial setup?

The initial setup was complex. It has several forests connected to multiple domains in several countries, and it's going through multiple data centers. Typically, we have a solution for the VPN. It's different in every country sometimes. On top of that, centralized services are not so easy to manage in different forests.

The initial deployment was set initially for six months, and then we’ve been doing improvements for the last six months as well. It’s been a year in total.

Our initial implementation strategy was to sync a forest with multiple domains.

We have ten to 15 people who are capable to handle maintenance on the product. These include a cloud architect to Active Directory architect engineers, help desk engineers to deploy and manage solutions, and engineers to manage the servers.

What about the implementation team?

We did not use an integrator, reseller, or consultant for the deployment. We handled it in-house. That is my understanding.

What was our ROI?

We have seen a bit of an ROI.

What's my experience with pricing, setup cost, and licensing?

The solution is not the cheapest in the market. It could be improved and possibly lowered slightly.

Which other solutions did I evaluate?

We moved right into Active Directory, however, as a cloud architect, I am familiar with other solutions. I advised the client to go right to Active Directory based on my past experience. Due to the complexity of services they offered, I knew integration would be easy.

What other advice do I have?

We are a Microsoft partner.

We use several versions of the product, including 2016 and 2019. For one customer, they're running 2008, which is the old version, and I just upgraded them to 2012. The domain controller is 2012 R2 and has the latest patches.

I'd advise new users to do an original design with an architect, and think about scaling up while considering services you will be adding in the future. It's important to plan the security tightly and do a neat design and consider services such as BitLocker and other resources that will be needed.

I'd rate the solution at an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate